Tips for: Securing the Software Supply Chain
Recommended Practices for Managing Open-Source Software and Software Bill of Materials
Failed to add items
Add to Cart failed.
Add to Wish List failed.
Remove from wish list failed.
Follow podcast failed
Unfollow podcast failed
Buy Now for $18.74
No default payment method selected.
We are sorry. We are not allowed to sell this product with the selected payment method
-
Narrated by:
-
Tom Brooks
-
Written by:
-
National Security Agency
About this listen
Unmitigated vulnerabilities in the software supply chain continue to pose a significant risk to organizations and our nation. This paper builds on the previously released Recommended Practices Guide for a software supply chain’s development, production and distribution, and management processes, to further increase the resiliency of these processes against compromise. This guidance also builds on and supports the Office of Management and Budget memorandum on Enhancing the Security of the Software Supply Chain through Secure Software Development Practices (M-23-16)4.
All organizations, whether they are a single developer or a large industry company, have an ongoing responsibility to maintain software supply chain security practices in order to mitigate risks, but the organization’s role as a developer, supplier or customer of software in the software supply chain lifecycle will continue to determine the shape and scope of this responsibility. The information contained in this guidance supports development activities of a single developer as well as activities of large industry companies. Activities should be planned for and acted upon one at a time, solidifying the new technique in the process before adding the next to be successful.